  • F5 BIG-IP TMUI AJP Smuggling RCE
    Disclosure Date: 2023-10-26
    First seen: 2023-11-04
    exploit/linux/http/f5_bigip_tmui_rce_cve_2023_46747
    This module exploits a flaw in F5's BIG-IP Traffic Management User Interface (TMUI) that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods automatically delete any temporary accounts that are created.
    Authors: Michael Weber, Thomas Hendrickson, Sandeep Singh, Spencer McIntyre
  • F5 BIG-IP iControl CSRF File Write SOAP API
    Disclosure Date: 2022-11-16
    First seen: 2022-12-23
    exploit/linux/http/f5_icontrol_soap_csrf_rce_cve_2022_41622
    This module exploits a cross-site request forgery (CSRF) vulnerability in F5 BIG-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a backdoor that executes next time a user logs in interactively. This overwrites a file, but we restore it when we get a session. Note that because this is a CSRF vulnerability, it starts a web server, but an authenticated administrator must visit the site, which redirects them to the target.
    Authors: Ron Bowes
  • F5 BIG-IP iControl Authenticated RCE via RPM Creator
    Disclosure Date: 2022-11-16
    First seen: 2022-12-23
    exploit/linux/http/f5_icontrol_rpmspec_rce_cve_2022_41800
    This module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.
    Authors: Ron Bowes
  • F5 BIG-IP iControl RCE via REST Authentication Bypass
    Disclosure Date: 2022-05-04
    First seen: 2022-12-23
    exploit/linux/http/f5_icontrol_rce
    This module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
    Authors: Heyder Andrade, alt3kx <alt3kx@protonmail.com>, James Horseman, Ron Bowes
  • F5 iControl REST Unauthenticated SSRF Token Generation RCE
    Disclosure Date: 2021-03-10
    First seen: 2021-04-01
    exploit/linux/http/f5_icontrol_rest_ssrf_rce
    This module exploits a pre-auth SSRF in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This vulnerability is known as CVE-2021-22986.
    CVE-2021-22986 affects the following BIG-IP versions:
      * 12.1.0 - 12.1.5
      * 13.1.0 - 13.1.3
      * 14.1.0 - 14.1.3
      * 15.1.0 - 15.1.2
      * 16.0.0 - 16.0.1
    And the following BIG-IQ versions:
      * 6.0.0 - 6.1.0
      * 7.0.0
      * 7.1.0
    Tested against BIG-IP Virtual Edition 16.0.1 in VMware Fusion.
    Authors: wvu <wvu@metasploit.com>, Rich Warren
  • F5 BIG-IP TMUI Directory Traversal and File Upload RCE
    Disclosure Date: 2020-06-30
    First seen: 2020-07-07
    exploit/linux/http/f5_bigip_tmui_rce
    This module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Sorry! Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.
    Authors: Mikhail Klyuchnikov, wvu <wvu@metasploit.com>
  • F5 BIG-IP TMUI Directory Traversal and File Upload RCE
    Disclosure Date: 2020-06-30
    First seen: 2023-11-04
    exploit/linux/http/f5_bigip_tmui_rce_cve_2020_5902
    This module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Sorry! Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.
    Authors: Mikhail Klyuchnikov, wvu <wvu@metasploit.com>
  • F5 iControl iCall::Script Root Command Execution
    Disclosure Date: 2015-09-03
    First seen: 2020-04-26
    exploit/linux/http/f5_icall_cmd
    This module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0 (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6; see references for more details).
    Authors: tom, Jon Hart <jon_hart@rapid7.com>
8 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.